Overview of Internal Controls - PowerPoint PPT Presentation

About This Presentation
Title:

Overview of Internal Controls

Description:

Overview of Internal Controls Internal control is a process designed to provide reasonable assurance regarding the achievement of effectiveness and efficiency of ... – PowerPoint PPT presentation

Number of Views:227
Avg rating:3.0/5.0
Slides: 30
Provided by: student01
Learn more at: http://streaming.osu.edu
Category:

less

Transcript and Presenter's Notes

Title: Overview of Internal Controls


1
Overview of Internal Controls
Internal control is a process designed to
provide reasonable assurance regarding the
achievement of effectiveness and efficiency of
operations, reliability of financial reporting,
and compliance with laws and regulations.
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
2
Overview of Internal Controls
Prepared and Presented by
Dan Allen, MBA, CFE, CISA Student Affairs
Controller and Director of Fiscal Support
Services PH 688-3318 E-mail allen.31_at_osu.edu
IC-02
3
Overview of Internal Controls
Objectives
Define internal controls and relate it to the
day-to-day management of our operations.
We will discuss
  • How controls (internal controls) are part of
    the management process
  • The purpose of internal controls
  • The five interrelated components of internal
    controls
  • The relationship between risks, costs, and
    controls
  • University-required internal controls and
    sub-certification
  • Other important University-related internal
    controls

IC-03
4
Internal Controls Overview Key Management Process
Many people equate controls with accountants and
auditors, however, controls are part of the
day-to-day management process. Internal control
simply refers to the controlling activities that
are performed within an organization.
Management Process (from Wikipedia)
Management process is a process of planning and
controlling the performance or execution of any
type of activity. . . . Organizations top
management is responsible for carrying out this
management process.
IC-04
5
Internal Controls Overview Purpose of Internal
Controls
  • Purpose of Internal Controls
  • Keeps an organization on course toward its
    objectives and the achievement of its mission,
    and minimizes surprises along the way.
  • Promotes effectiveness and efficiency of
    operations, reduces the risk of asset loss, and
    helps to ensure compliance with laws and
    regulations.
  • Ensures the reliability of financial reporting
    (i.e., all transactions are recorded and that all
    recorded transactions are real, properly valued,
    recorded on a timely basis, properly classified,
    and correctly summarized and posted.)
  • Helps protect our students, our staff, our
    management, and the public.
  • Safety
  • Integrity
  • Reputation

Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
IC-05
6
Internal Controls Overview Components of Internal
Controls
  • Internal control consists of five interrelated
    components which all five must be present to
    conclude that internal control is effective.
  • The components include
  • Control (or operating) environment
  • Risk assessment
  • Control activities
  • Monitoring, and
  • Information and communication

Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
IC-06
7
Internal Controls Overview Relationship Between
Risks, Costs and Controls
An effective control system provides reasonable,
but not absolute assurance for the safeguarding
of assets, the reliability of financial
information, and the compliance with laws and
regulations.
Reasonable assurance is a concept that
acknowledges that control systems should be
developed and implemented to provide management
with the appropriate balance between risk of a
certain business practice and the level of
control required to ensure business objectives
are met.
The cost of a control should not exceed the
benefit to be derived from it.
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
IC-07
8
Internal Controls Overview Components of Internal
Controls
  • Control Environment the control consciousness
    of an organization. The control environment is
    greatly influenced by the extent to which
    individuals recognize that they will be held
    accountable.

The control environment includes technical
competence and ethical commitment it is an
intangible factor that is essential to effective
internal control. Management is responsible for
setting the tone for the organization by
fostering the highest levels of integrity and
personal and professional standards,
demonstrating a leadership philosophy and
operating style which promotes internal control,
and the assignment of authority and
responsibility.
In a control conscious environment, all employees
are responsible for implementing internal
controls and for reporting or taking other
corrective actions to mitigate possible control
issues/weaknesses.
IC-08
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
9
Internal Controls Overview Components of Internal
Controls
  • 2. Risk Assessment the identification and
    analysis of risks associated with the achievement
    of operations, financial reporting, and
    compliance goals and objectives. This, in turn,
    forms a basis for determining how those risks
    should be managed.

Risk is the probability that an event or action
will adversely affect the organization. To
achieve goals and objectives, management needs to
effectively balance risks and controls.
Therefore, control procedures need to be
developed so that they decrease risk to a level
where management can accept the exposure to that
risk. By performing this balancing act
reasonable assurance can be attained.
To achieve a balance between risk and controls,
internal controls should be proactive,
value-added, cost-effective and address exposure
to risk.
IC-09
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
10
Internal Controls Overview Components of Internal
Controls
2. Risk Assessment (continued)
  • Risk Analysis
  • After risks have been identified, a risk analysis
    should be performed to prioritize those risks
  • Assess the likelihood (or probability and
    threat) of the risk occurring
  • Estimate the potential impact if the risk were
    to occur consider both quantitative and
    qualitative costs
  • Determine how the risk should be managed
    decide what actions are necessary.

Examples of Quantitative costs include the
cost of property, equipment, or inventory, cash
dollar loss, damage and repair costs, cost of
defending a lawsuit, etc. Qualitative costs can
have wide-ranging implications to the University.
These costs may include loss of public trust,
loss of future grants, gifts and donations,
injury to the Universitys reputation, increased
litigation, violation of laws, etc.
IC-10
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
11
Internal Controls Overview Components of Internal
Controls
  • Control Activities the actions, supported by
    policies and procedures that, when carried out
    properly and in a timely manner, manage or reduce
    risks.
  • Controls can be classified as preventive,
    detective, or corrective controls.
  • Preventive controls (P) - attempt to deter or
    prevent undesirable events from occurring.

  • They are proactive controls that help prevent a
    loss.
  • Detective controls (D) - attempt to detect
    undesirable acts.
  • Corrective controls (C) - are procedures that fix
    an error or control situation
  • Control activities generally include
  • approvals, authorizations, and verifications
  • reconciliations,
  • reviews of performance,
  • security of assets,
  • segregation of duties,
  • training, and
  • controls over information systems.

IC-11
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
12
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Approvals (Preventive)
  • Approvers should review supporting documentation,
    question unusual items, and make sure that
    necessary information is present to justify the
    transaction before they sign it. Signing blank
    forms is never allowed. Approval authority is
    delegated in writing and may be linked to
    specific dollar levels. Transactions that
    exceed the specified dollar level would require
    approval at a higher level.
  • Key approval controls
  • Written policies and procedures
  • Limits to authority
  • Supporting documentation
  • Question unusual items
  • No rubber stamps, and
  • No blank signed forms

IC-12
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
13
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Reconciliations (Detective)

A reconciliation is a comparison of different
sets of data to one another, identifying and
investigating differences, and taking corrective
action, when necessary Reconciliations help to
ensure the accuracy, completeness of
transactions, and that transactions were properly
approved, that have been charged to a
departments accounts. A critical element of the
reconciliation process is to resolve
differences. Reconciliations should be
documented and approved by management.
IC-13
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
14
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Reviews (Detective)
  • Reviewing reports, statements, reconciliations,
    and other information by management is an
    important control activity. Management should
    review such information for consistency and
    reasonableness.
  • Management reviews should generally include
  • Budget to actual comparison
  • Current to prior period comparison
  • Performance indicators
  • Follow-up on unexpected results or unusual
    items

Reviews of performance provide a basis for
detecting problems. Management should compare
information about current performance to budgets,
forecasts, prior periods or other benchmarks to
measure the extent to which goals and objectives
are being achieved and to identify unexpected
results or unusual conditions which require
follow-up. Managements review of reports,
statements, reconciliations, and other
information should be documented as well as the
resolution of items noted for follow-up.
IC-14
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
15
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Asset Security (Preventive
    and Detective)
  • Assets, such as cash, checks, credit cards,
    laptops, vital documents, critical systems, and
    confidential information must be safeguarded
    against unauthorized use or disposition.
    Typically, access controls are the best way to
    safeguard these assets.
  • Examples of access controls are
  • Locked doors
  • Card key systems
  • Locked filing cabinet
  • Guard
  • Computer password
  • Data encryption
  • Departments with capital assets or significant
    inventories should establish perpetual inventory
    control over these items by recording purchases
    and issuances.
  • Periodically, items should be physically counted
    by a person who is independent of the purchase,
    authorization and asset custody functions, and
    the counts should be compared to balances per
    perpetual records.
  • Missing items should be investigated, resolved,
    and analyzed for possible control deficiencies
    perpetual records should be adjusted to physical
    counts if missing items are not located.

IC-15
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
16
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Segregation of Duties
    (Preventive and Detective)
  • Segregation of duties is critical to effective
    internal control it reduces the risk of both
    erroneous and inappropriate actions. In general,
    the approval function, the accounting/reconciling
    function, and the asset custody function should
    be separated among employees. Segregation of
    duties is a deterrent to fraud because it
    requires collusion with another person to
    perpetrate a fraudulent act.
  • No one person should . . .
  • Initiate the transaction
  • Approve the transaction
  • Record the transaction
  • Reconcile balances
  • Handle assets
  • Review reports
  • At least two sets of eyes required of all
    transactions

IC-16
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
17
Internal Controls Overview Components of Internal
Controls
  • Control Activities (continued)
  • Control Activities Segregation of Duties
    (Preventive and Detective)
  • Specific examples of segregation of duties
    include
  • The person who requisitions the purchase of
    goods or services should not be the person who
    approves the purchase.
  • The person who approves the purchase of goods
    or services should not be the person who
    reconciles the monthly financial reports.
  • The person who approves the purchase of goods
    or services should not be able to obtain custody
    of checks.
  • The person who maintains and reconciles the
    accounting records should not be able to obtain
    custody of checks.
  • The person who opens the mail and prepares a
    listing of checks received should not be the
    person who makes the deposit.
  • The person who opens the mail and prepares a
    listing of checks received should not be the
    person who maintains the accounts receivable
    records.

IC-17
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
18
Internal Controls Overview Components of Internal
Controls
4. Monitoring the assessment of internal
control performance over time it is accomplished
by ongoing monitoring activities and by separate
evaluations of internal control such as
self-assessments, peer reviews, and internal
audits.
  • The purpose of monitoring is to determine whether
    internal control is adequately designed, properly
    executed, and effective.
  • Internal control is effective if management and
    interested stakeholders have reasonable assurance
    that
  • They understand the extent to which operations
    objectives are being achieved.
  • Published financial statements are being
    prepared reliably.
  • Applicable laws and regulations are being
    compiled.
  • While internal control is a process, its
    effectiveness is an assessment of the condition
    of the process at one or more points in time.

IC-18
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
19
Internal Controls Overview Components of Internal
Controls
5. Information and Communication information
about an organizations plans, control
environment, risks, control activities, and
performance must be communicated up, down, and
across an organization.
  • When assessing internal control, the key
    questions to ask about information and
    communication include
  • Does the department get the information it
    needs from internal and external sources in a
    form and timeframe that is useful?
  • Does the department get information that alerts
    it to internal or external risks (e.g.,
    legislative, regulatory, and developments)?
  • Does the department get information that
    measures its performance-information that tells
    the department whether it is achieving its
    operations, financial reporting, and compliance
    objectives?
  • Does the department identify, capture, process,
    and communicate the information that others needs
    (e.g., information used by our customers or other
    departments) in a form and timeframe that is
    useful?
  • Does the department provide information to
    others that alerts them to internal or external
    risks?
  • Does the department communicate effectively
    internally and externally?

IC-19
Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
20
Internal Controls Overview Universitys Internal
Control Questions
What are the primary internal controls that the
University has specified as being required?
IC-20
21
Internal Controls Overview Universitys Internal
Control Questions
  • In an effort to assess and improve the
    Universitys internal controls, beginning in
    FY2006, the University requested operations to
    annually assess whether sufficient internal
    control structures are in place to effectively
    identify weaknesses in financial processes and
    systems, and to sub-certify compliance on 16 key
    internal controls.
  • The controls status is based on the following
    criteria
  • Green generally complies with policies and
    control activities
  • Yellow partially complies with policies and
    control activities opportunities for improvement
    exist
  • Red routinely does not comply with policies and
    control activities improvement is needed.
  • Areas assessed as yellow or red require
    action plans to resolve the control gaps.
  • By being required to be assessed annually, these
    16 controls (or control processes) should be
    assumed to be required University controls.

IC-21
22
Internal Controls Overview Universitys Internal
Control Questions
Does the College/Office . . .
  1. Require staff with fiscal responsibilities to
    attend system training offered by OIT and
    financial training offered by the Controllers
    Office?
  2. Follow personnel and payroll policies set forth
    by the Office of Human Resources?
  3. Have an effective control structure that includes
    monitoring activities, to ensure compliance with
    University policies regarding use of Procurement
    Cards?
  4. Have processes and monitoring activities in place
    to ensure compliance with the guidelines on
    alcohol, meals, entertainment, recruiting,
    cellular phones, employee recognition events,
    professional dues and subscriptions, and payment
    for services set forth in the University
    Expenditure Policies?
  5. Have processes and monitoring activities in place
    to ensure compliance with University Travel
    Policies?

IC-22
23
Internal Controls Overview Universitys Internal
Control Questions
Does the College/Office . . .
  • Coordinate all gift and fundraising activities
    with the Office of University Development?
  • Process all sponsored research proposals and
    agreements through the OSU Research Foundation?
  • Submit proposed rates and earnings budgets to
    Resource Planning for all operations that sell
    goods or services?
  • Maintain supporting documentation for its
    financial transactions, in accordance with
    retention guidelines set forth by University
    Archives?
  • Perform monthly reconciliations of transactions
    appearing in its general ledger reports (e.g.
    payroll, purchasing, travel, etc.) to internal
    source documents?
  • Have an established process for reporting
    financial errors, problems, etc. to senior
    administrators within the college?

IC-23
24
Internal Controls Overview Universitys Internal
Control Questions
Does the College/Office . . .
  1. Reconcile all non-cash assets and liabilities to
    supporting detail on a monthly basis?
  2. Have processes and monitoring activities in place
    to ensure compliance with fund restrictions
    imposed by donors, granting agencies and other
    resource providers?
  3. Have processes and monitoring activities in place
    to ensure compliance with University Treasurer
    policies on cash handling (including separation
    of duties, timely preparation of deposits, rules
    on petty cash/change funds, management review of
    deposit corrections, and reporting of cash
    shortages to Internal Audit and OSU Police)?
  4. Require faculty and staff with fiscal
    responsibilities to understand and observe the
    Ohio Ethics Law?
  5. Have processing and monitoring activities in
    place to ensure effective custody over non-cash
    assets, including maintenance of accurate
    equipment inventory records, measures to prevent
    loss/theft of items, and compliance with
    University surplus/disposal policies?

IC-24
25
Internal Controls Overview Other University
Internal Controls
  • The following are other important
    University-related internal controls or
    requirements
  • Emergency Management and Business Continuity
    Plans.
  • PeopleSoft access security, limiting access and
    functionality.
  • Conflict of Interest disclosures completed
    annually.
  • University error/violation reporting procedures
    and anonymous reporting line.
  • Dollar limits for transactions, such as for
    purchases and authorizations.
  • Requirement for budgets and frequent
    comparisons of budget to actuals.
  • Requirement of submission of fees and rates,
    and approval by BOT.
  • Payroll certifications.

IC-25
26
Internal Controls Overview Other University
Internal Controls
  • Other important University-related internal
    controls (continued)
  • Requirement to tag all items purchased over a
    dollar threshold.
  • Maintain listings of delegation of
    authorities.
  • Requirements for background checks for staff
    (based on responsibilities).
  • Multiple ways to perform purchasing, reducing
    risk of not being able to purchase items that are
    needed.
  • Independent controls monitoring and reporting
    by the Department of Internal Audit.
  • Independent controls monitoring and reporting
    by external auditors (for the State).
  • (just to name a few . . . )

This completes the course material, now lets
summarize.
IC-26
27
Internal Controls Overview Summary
Summary Management Process
  • Effective internal control is a built-in part of
    the management process of planning and
    controlling.
  • Keeps an organization on course toward its
    objectives and the achievement of its mission,
    and minimizes surprises along the way.
  • Promotes effectiveness and efficiency of
    operations, reduces the risk of asset loss, and
    helps to ensure compliance with laws and
    regulations.
  • Ensures the reliability of financial reporting
    (i.e., all transactions are recorded and that all
    recorded transactions are real, properly valued,
    recorded on a timely basis, properly classified,
    and correctly summarized and posted.)
  • Helps protect our students, our staff, our
    management, and the public.
  • Safety
  • Integrity
  • Reputation

Summary Purpose of Internal Controls
IC-27
28
Internal Controls Overview Summary
Summary 5 Components of Internal Controls
  • Internal control consists of five interrelated
    components which all five must be present to
    conclude that internal control is effective. The
    components include
  • Control (or operating) environment
  • Risk assessment
  • Control activities
  • Monitoring, and
  • Information and communication

Source Understanding Internal Controls, A
Reference Guide for Managing University Business
Practices, by University of California.
IC-28
29
Internal Controls Overview Summary
Summary Overall Purpose
The purpose of this class was to provide an
overview of internal controls and to relate
internal controls to the day-to-day management of
operations. Have we achieved our objective?
  • If you have questions about internal controls,
    please contact
  • Your Senior Fiscal Officer or other appropriate
    unit staff
  • University Controllers Office, or
  • Internal Audit

Thank you for your participation!!
Please complete the course review questions.
Successful completion of the review questions is
required to indicate completion of the course.
IC-29
Write a Comment
User Comments (0)
About PowerShow.com